Tag: wireless router

Articles – French language / Langue Française 

SFR lancera une nouvelle box en septembre… pour contrer Free ? | O1net.com

SFR : une nouvelle box fibre pour septembre ? | ZDNet.fr

SFR annonce une nouvelle box ! | Ere Numérique

From the horse’s mouth

SFR

Product Page (French language / Langue Française)

My Comments

It looks like there will be a tight showdown between two of the French telcos when it comes to the multiple-play “n-box” services.

The Freebox Révolution to be replaced with better-performing equipment soon

Free.fr did a bit of initial murmuring this month (July) about the Freebox v7 that will be surfacing on the French market in September. This is a powerful unit that can handle 4K UHDTV and is intended to replace the Freebox Révolution which was known to set the standard for carrier-supplied routers and set-top boxes.

Now SFR have made mention about a triple-play “n-box” service with hardware that is said to be on a par with, if not better than, Free’s setup. Here, this will be about improved Wi-Fi technology of the 802.11ac order, a new design and, like the Freebox, support for 4K UHDTV. This is in conjunction with more sports content and VoD content being made available to their subscriber base on 4K UHDTV.

It will be released in September, concurrently to when Free will put their new Freebox on the market. SFR want to also allow their existing subscriber base to upgrade to this new service for EUR€49 with a 12 month contract.

In the UK, British Telecom had raised the bar for Wi-Fi performance offered by a carrier-supplied wireless modem router. Could this also mean that the French telcos could join in and offer highly-powerful carrier-supplied wireless modem routers for their services as a way to compete against each other.

What is now happening is that the calibre offered for carrier-supplied home-network equipment could be another way where telcos and ISPs in a highly-competitive market could compete against each other. This is in addition to what you could get for your landline or mobile telephony service, your pay-TV service’s channel lineup or your Internet bandwidth and included services for the monthly charge that you stump up.

Article

eero: A Mesh WiFi Router Built for Security (Product Review) | Krebs On Security

My Comments

A common issue raised in relation to home-network routers is that they aren’t really designed for security. It applies more to the equipment that is sold through the popular retail locations like the electronics chains.

This is due to issues like firmware that isn’t always kept up to date along with an insecure “out-of-box” management-console login experience. The latter situation manifests typically in the form of a default username and password that is common across a product range rather than unique to each device.

The eero router which is effectively a Wi-Fi mesh system has answered these issues courtesy of the following: firmware that is updated automatically and a secure-setup routine based around an enabling code sent to your phone. The former method has been practised by AVM with their latest firmware for the Fritz!Box routers with these devices automatically updating. The latter method has been practised through the use of a mobile-platform app where you enter your name, email address and mobile phone number. This requires you to receive a one-time password from your smartphone by SMS. You enter this to the mobile app before you determine your home network’s ESSID and passphrase.

This kind of login experience for the management Web page could be very similar to a well-bred two-factor authentication routine that comes in to play for some online services whenever you add another device or, in some cases, as you log in. Here, the FIDO U2F standard or support for Google Authenticator could be implemented in a router to permit secure login to the management page.

As for Wi-FI implementation, this router implements a proprietary mesh technology with each extender implementing separate radio transceivers for both the backhaul link and the client-side link. This allows for full bandwidth to be served to the Wi-Fi client devices. Each router device also has two Ethernet ports with one of those being configured for WAN (Internet) connection. Personally, I would like to see both ports switch to LAN mode on an eero router if it is serving as a repeater. This would earn its place with video peripherals, printers or desktop computers.

What I see of this is a step in the right direction for improved security for small networks and other manufacturers could learn from eero and AVM in working on a secure setup routine along with automatically-updated firmware.

Article

Linksys EA8500 broadband router – One of the first MU-MIMO capable wireless routers

Why You’ll Want MU-MIMO | SmallNetBuilder

My Comments

A feature that is appearing at the top-end of manufacturers’ wireless router and access-point lineups, but will trickle down to more modest offerings including ISP-offered equipment is MU-MIMO (Multi-User Multiple Input Multiple Output).

This answers a situation faced with home, business and public Wi-Fi networks where individual users’ bandwidth is reduced because there are more Wi-Fi client devices using these segments.

It effectively provides an effective total throughput improvement where there is at least one MU-MIMO Wi-Fi client device on the wireless network. The trick used here is to use “beamforming”, which is effectively steering radio waves between radio endpoints, to achieve simultaneous AP-client data transfer for up to three client devices.

It is effectively like what an Ethernet switch does for an Ethernet network where it allocates the maximum bandwidth to the network client rather than sharing that bandwidth amongst a group of devices.

Previously, if you had a three-stream access point or router with 3 antennas, a third of the total bandwidth would be offered to the single-stream devices. These devices would also limit the bandwidth offered by the access point for that Wi-Fi segment and share that amongst the other devices. But a MU-MIMO setup would send the needed bandwidth to each device simultaneously, creating a “fat Wi-Fi pipe” for each device.

It also answers a reality where a Wi-Fi network would be serving plenty of legacy devices based on 802.11a/b/g/n or 802.11ac SU-MIMO technology along with the newer MU-MIMO devices. Here, the remaining Wi-Fi bandwidth would be freed up for the legacy devices to share while each MU-MIMO device has its own bandwidth.

But to see some real throughput benefit from a MU-MIMO 802.11ac Wi-Fi wireless network segment, you would need to be using an 802.11ac MU-MIMO client device on that segment. This would appear as devices are upgraded to newer models that have this feature.

A good question to raise with MU-MIMO would be whether clients and access points still benefit from multiple-access-point setups that are used to increase coverage and whether these setups also increase network capacity.

Other than that, it is the sign of things to come for the Wi-Fi wireless-network segment where they will benefit from increased throughput.

Introduction

A router that is part of a full broadband service

One task that you will need to know how to do when you set up a small network for your home or business is to set up an Internet router. This may be done when you upgrade to a newer and better router, replace one that has failed or simply set up your new Internet service. You may also have to do this if you move premises and have to deal with a new Internet service provider or want to make sure that the Wi-Fi wireless network works properly.

In a lot of cases where you have a modem-router provided by your Internet Service Provider, you may find that the router is already setup for you or you may face a “wizard-driven” setup interface to help you through the setup routine.

Router Types

Broadband Router

This common type of router has an Ethernet connection and is designed to be connected to a broadband modem, typically provided by your broadband Internet service provider.

It is the type that will become increasingly relevant as more areas enable next-generation broadband and deliver the appropriate modems for the next-generation broadband technology because these will implement an Ethernet connection.

Modem Router

A modem router has an integrated broadband modem and connects directly to the broadband Internet service. This typically describes most equipment that is connected to an ADSL service or is supplied by an increasing number of residential Internet service providers.

Newer high-end modem routers may also have the ability to be connected to an external broadband modem. This is typically to cater for people who switch over to a cable Internet service or upgrade to next-generation broadband or businesses who want a highly-resilient broadband service.

Wireless Router

A router may be referred to as a “wireless router” if it is equipped with an integrated Wi-Fi wireless access point, which most of the routers sold to a lot of households are. These units may be a broadband router or a modem router as described above.

Login Parameters

A home network will typically have up to three sets of login credentials to take care of: the Device Management Password, the Internet Service credentials and the Wi-Fi Network parameters. Most consumer ISPs who supply the router for your network will prepare a card or other aide-memoire document which has these parameters on it and it is a good idea to write out a document that has these details when you set up your home network whether you were supplied with one of these cards in the first place or not.

Device Management Password

This set of credentials contains a device-determined user name and a password as the “keys” to the Web-based setup/management user interface for your router.

Internet Service credentials

This may be of importance to most ADSL services and some cable services, but they are the credentials that are determined by your Internet Service Provider when they provision (set up) your Internet service. They are not needed with most cable, mobile-broadband and next-generation Internet services.

These credentials, where applicable, are usually the same for the duration of your business relationship with your Internet service. Even if you relocate to another location serviced by the same Internet provider, these credentials will stay with you.

Wi-Fi network parameters

They represent the “Service Set ID” (SSID) which is your Wi-Fi network’s “call-sign”, and the WPA2-Personal passphrase for your home network’s Wi-Fi wireless segment if the network has one. They can be determined randomly when you first purchase your router or as part of an initial “WPS” setup routine.

Here, I would prefer to keep these credentials, especially the SSID and the WPA2-Personal passphrase constant even if you upgrade your router or set up a multiple-access-point “Extended Service Set”. If you relocate, you may choose to maintain these credentials or create new credentials for your new location.

The reason is that you avoid having to re-establish Wi-Fi connectivity to all of your portable devices if you upgrade or replace your router.

Primary Connection Classes

WAN connection

This connection, looked after by an integrated broadband modem and/or an Ethernet port that is marked “WAN” or “Internet” provides the link to a larger network that is typically your Internet service.

Multiple WAN connections

An increasing number of high-end routers, especially high-end ADSL modem routers provide two or three WAN connections. One is typically the ADSL modem or an Ethernet port while the other may be another Ethernet port for another modem or a USB peripheral port that allows you to connect a wireless-broadband modem. A lot of the routers that implement this feature will allow you to determine one of the four Ethernet ports as being a LAN port for the local network or an extra WAN connection.

Typically this is either to provide connection to a different medium like next-generation broadband, or you can use it to “gang” two or more Internet services together for increased bandwidth, load-balancing where certain data-transfer activities are sent one broadband connection while others are sent through the other broadband connection; or a fault-tolerant Internet connection where if one of the connections fails, the other connections come in to play.

LAN Connection

These connections represent the logical network or “subnet” that represents all the devices in the home network that want to benefit from the Internet connection and other network resources offered in this network.

This is represented by up to four Ethernet connections and, in most cases, a Wi-Fi wireless segment working at best to the 802.11n standard on either or both the 2.4GHz and 5GHz bands. Some newer high-performance units will work at best to the 802.11ac Wi-Fi standard on the 5GHz band.

Other LAN connections that some of the devices will offer include a USB network interface adaptor for a regular computer that doesn’t have network ability, or a HomePlug AV powerline network segment. The latter may be offered in the form of a power-supply module that integrates the HomePlug-Ethernet adaptor and is what most of the French ISPs are using for their triple-play Internet services.

Setting up your connection

Make sure your Internet access works first

When you set up your home network, use one device, preferably a regular desktop or laptop computer for the setup routine. Preferably the device should be connected to the router via a LAN Ethernet connection or Wi-Fi with “out-of-the-box” default parameters. Then you connect your broadband connection to the router, whether this involves connecting it to your broadband modem or connecting it to the DSL, cable or other service in the case of a modem router. Resist the temptation to tweak your router’s settings beyond what is actually required to achieve connection such as to harden security or improve network performance.

If your setup is based around a separate modem, switch on that modem and make sure that the SYNC and LINK lights are steady. The SYNC light or similar light indicates that the modem has effectively made a connection with the “head-end” of your service on a media level, while the LINK or INTERNET light indicates that it has established service with the provider on a logical level. Then switch on your router.

Log in to your router and visit the “WAN” or “Internet Connection” menu on the user interface. Here, set up the Internet service connections according to your service requirements. Most cable, fixed-wireless and next-generation broadband connections typically just require you to choose a DHCP connection as your connection type for residential services.

In the case of an ADSL service or other service that has login requirements, select the login or authentication method that your service uses and enter the Internet Service credentials that were determined as part of provisioning your Internet service.

You should see the “Internet” light glow steady and the “WAN” or “Internet Connection” details update with information like an IP address. This is the point of success and, to prove it, open a Webpage like a news portal in another tab or session (window) of your Web browser.

Wi-Fi wireless for best-case performance

Here, you need to set up your wireless-network segment for best-case performance.

If your router implements external antennas (aerials) such as the typical “rabbit’s ears”, make sure these are upright so they are not obfuscated by the unit itself or other computer equipment or metal furniture and fixtures. It may also be a better practice to place the router on top of a piece of furniture to assure proper Wi-Fi performance although this may not be aesthetically appealing.

The 2.4GHz band should be set for 802.11g/n or 802.11b/g/n operating mode so as to preserve compatibility with 802.11g devices but allow best performance with 802.11n devices using this band. This is because a lot of older and cheaper consumer-electronics devices use the 802.11g technology and this technology may be still used with portable devices like smartphones and tablets in order to economise on battery life.

The 5GHz band should be set for 802.11n operation because most of the devices that can work to the 5GHz band can work on the 802.11n standard.

Establishing a two-band wireless network

This leads me to talk about the dual-band wireless network which would be facilitated by most high-end performance-grade routers.

Here, I would use a separate SSID for each band. An easy way to go about this to have one band have the standard SSID while the other band has that SSID plus a band-specific prefix or suffix like BIGPOND2346 for the 2.4GHz band and BIGPOND2346-54G for the 5GHz band. This means that you can be sure which band to select from your laptop or other client device for better performance.

Choosing vacant Wi-Fi channels

You may have to select a vacant channel for your wireless network so as to avoid interfering with your neighbours’ wireless networks and to assure best performance for your network. Some routers may make this easy by implementing an auto-setup routine which looks for the channel with the least activity and tuning to that.

But you may have to use one of the many free Wi-Fi site survey tools like WiFi Analyzer for Android or MetaGeek’s inSSIDer for Windows to determine which channels are effectively vacant in your area. These programs provide a graphical view of SSIDs with relative signal strength on the 2.4GHz or 5GHz band so you can know which channels will offer greater performance.

Setting up for security

New passwords

The first job I would do with a new router after I have got the Internet connection going would be to change the device management password away from the default. This is important if manufacturers don’t assign device-management passwords that are unique to each device they sell. Here, I would determine a password that is easy to remember but hard for outsiders to guess and use some numbers and punctuation marks in the password.

As well, change the Wi-Fi network’s SSID away from the default SSID especially if it betrays the device’s brand like LINKSYS. It is important because if a device’s brand is guessed easily, hackers can take advantage of that brand’s or model’s security weaknesses to target your network.

If you are dealing with carrier-supplied equipment, you may find that the SSID may be something like the Internet service’s brand plus an apparently random number such as BIGPOND2346.

This may be a good time to personalise your Wi-Fi network such as to have it represent your business’s brand or the purpose of the network.

Most carrier-provided routers and some retail-provided routers will have a random WPA2-PSK passphrase that is unique to each unit and this will be stuck on a label attached to the underneath or back of the unit.

If your router implements WPS where it can determine the passphrase automatically, set the passphrase using the WPS push-button setup method by enrolling a Windows 7/8 laptop or Android mobile device to the network using this method. Then log in to your router’s Web user interface and go to the WPS option to set the option that “keeps” the WPS parameters the same when you use the WPS push-button setup method subsequently, then go to the wireless-network security parameters screen to record the randomly-determined passphrase for your network. This is important if you have to enroll Apple devices or other devices that don’t implement this setup method.

If you are dealing with a router that doesn’t implement WPS functionality, make up a WPA-PSK passphrase yourself and use some numbers and punctuation in that passphrase to make a secure passphrase. Record this on paper or a computer text file and transcribe it in to the router to keep a secure network.

As you change these passwords and Wi-Fi network parameters, keep a record of these details on paper in a secure place on your premises. This is useful if you have to reset your router due to network problems and reinstate network settings, you change Internet service or are setting up new Wi-Fi-capable equipment on your network.

Making sure UPnP works from the inside only

Most consumer and some small-business routers implement UPnP Internet Gateway Device functionality by default to simplify application-specific port-forwarding requirements. This is important especially for Skype, cloud-based device features and online gaming but some poorly-executed implementations have caused it to be deemed a security risk.

The main risk here is for UPnP IGD functionality to be accessible from the Internet rather than just the LAN (home network) side. This was aggravated due to Wi-Fi networks operating on manufacturer-default settings such as no passphrase or a manufacturer-default SSID and passphrase.

The risk has been mitigated through routers that are running firmware issued over the past few years as well as Wi-Fi segments that use “random-default” passphrases made easier with WPS and “random-default” SSIDs in the case of carrier-supplied hardware. But a good test to do is to visit the Rapid7 Website at this location: http://upnp-check.rapid7.com/results/91ca51deb4effcf7dcdda7f1b02571ef to make sure that you can’t use UPnP IGD functionality from the outside. If this test fails, it may be a good idea to update the firmware and/or disable UPnP functionality on the router if you aren’t using Skype, online games or similar applications.

Even if UPnP functionality is OK, it is a good idea to run a desktop firewall on your regular computers and the recent iterations of the Windows platform have this functionality integrated. This function is also integrated in to many newer desktop-security software packages which are infact worth installing on these computers. As for mobile and, increasingly, regular-computer platforms, read this article about app stores before you head on that app-store shopping spree.

IPv6

Some of you who are on an Internet Service Provider that supports IPv6 as well as having a recent high-end consumer router or small-business router equipped for IPv6 will find that you want to go to this path. This is supported in a dual-stack mode by the latest iterations of most regular and mobile operating systems and is being supported by most small-business network-capable printers.

To engage this operating mode if you know your ISP provides the functionality is a simple task. Here, you just select a checkbox on most IPv6-capable routers to enable the dual-stack IPv6 operation. This means that you have two logical networks on the same physical bearers – one with IPv6 operation and one with legacy IPv4 operation. Some of these ISPs also offer the routing between the networks so that data can reach the legacy single-stack IPv4 equipment.

What credentials you can keep constant

I have prepared a “download-to-print” A4 sheet which you can print out and fill in with your router password and Wi-Fi network details. Here, you then keep this with your paper files as a reference if you need to modify your router’s settings or add equipment to your network’s wireless segment.

Conclusion

Once you have your router set up in an optimum manner, you can expect many years out of this device working as an “edge” to your network. Here, you could expect your router to last around three to five years serving as this “edge”.